Unrated severityNVD Advisory· Published Mar 23, 2009· Updated Jun 16, 2026
CVE-2009-1044
CVE-2009-1044
Description
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
- (no CPE)range: = 3.0.7
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
36- www.mozilla.org/security/announce/2009/mfsa2009-13.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/34181nvdPatch
- www.vupen.com/english/advisories/2009/0864nvdPatchVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPatch
- secunia.com/advisories/34471nvdVendor Advisory
- secunia.com/advisories/34505nvdVendor Advisory
- secunia.com/advisories/34510nvdVendor Advisory
- secunia.com/advisories/34511nvdVendor Advisory
- secunia.com/advisories/34521nvdVendor Advisory
- secunia.com/advisories/34527nvdVendor Advisory
- secunia.com/advisories/34549nvdVendor Advisory
- secunia.com/advisories/34550nvdVendor Advisory
- secunia.com/advisories/34792nvdVendor Advisory
- blogs.zdnet.com/security/nvd
- blogs.zdnet.com/security/nvd
- cansecwest.com/index.htmlnvd
- dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009nvd
- dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploitsnvd
- lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.htmlnvd
- news.cnet.com/8301-1009_3-10199652-83.htmlnvd
- osvdb.org/52896nvd
- support.avaya.com/elmodocs2/security/ASA-2009-113.htmnvd
- twitter.com/tippingpoint1/status/1351635812nvd
- www.debian.org/security/2009/dsa-1756nvd
- www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2009-0397.htmlnvd
- www.redhat.com/support/errata/RHSA-2009-0398.htmlnvd
- www.securityfocus.com/archive/1/502303/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-745-1nvd
- www.zerodayinitiative.com/advisories/ZDI-09-015nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368nvd
- www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.htmlnvd
News mentions
0No linked articles in our index yet.